[Koha-bugs] [Bug 18298] Enforce password complexity

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Mon Mar 20 18:21:58 CET 2017


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18298

Marc Véron <veron at veron.ch> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #61232|0                           |1
        is obsolete|                            |

--- Comment #17 from Marc Véron <veron at veron.ch> ---
Created attachment 61336
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=61336&action=edit
Bug 18298: Add server-side checks and refactor stuffs

Now that we have a check client-side, nothing prevents a smart guy from
bypassing it and forcing an invalid password.
This patch adds two new subroutines to Koha::AuthUtils to check the
validity of passwords and generate a password server-side. It is used
only once (self-registration) but could be useful later.

Moreover the 3 different cases of password rejection (too weak, too
short, contains leading or trailing whitespaces) were not tested
everywhere. Now they are!

This patch makes things consistent everywhere and cleans up some code.

Signed-off-by: Marc Véron <veron at veron.ch>

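
A sketch of the kind of server-side check the commit message describes, as an added example that is not the patch's code. The subroutine names `check_password` and `generate_password`, the minimum length of 8 and the definition of "too weak" (missing a lowercase letter, an uppercase letter or a digit) are assumptions, and reading `/dev/urandom` assumes a Unix-like host.

```perl
use strict;
use warnings;

# Assumed policy value; a real deployment would read it from configuration.
my $MIN_LENGTH = 8;

# Returns (1, undef) when the password is acceptable, otherwise (0, $reason)
# with $reason one of 'has_whitespaces', 'too_short', 'too_weak'.
sub check_password {
    my ($password) = @_;
    return ( 0, 'too_short' ) unless defined $password;
    return ( 0, 'has_whitespaces' ) if $password =~ /^\s|\s\z/;
    return ( 0, 'too_short' ) if length($password) < $MIN_LENGTH;
    return ( 0, 'too_weak' )
      unless $password =~ /[a-z]/ && $password =~ /[A-Z]/ && $password =~ /[0-9]/;
    return ( 1, undef );
}

my $urandom;    # opened once, on first use
# Uniform integer in [0, $n) for $n <= 256, using rejection sampling so the
# modulo does not bias the result.
sub random_index {
    my ($n) = @_;
    open( $urandom, '<:raw', '/dev/urandom' ) or die "open: $!" unless $urandom;
    my $limit = 256 - ( 256 % $n );
    while (1) {
        ( read( $urandom, my $byte, 1 ) // 0 ) == 1 or die "short read";
        my $v = ord $byte;
        return $v % $n if $v < $limit;
    }
}

# Generates a password server-side and only returns one the checker accepts.
sub generate_password {
    my @chars = ( 'a' .. 'z', 'A' .. 'Z', '0' .. '9' );
    while (1) {
        my $candidate = join '', map { $chars[ random_index( scalar @chars ) ] } 1 .. $MIN_LENGTH;
        my ($ok) = check_password($candidate);
        return $candidate if $ok;
    }
}

# Constructed sample inputs, one per outcome.
for my $pw ( 'Abcdef12', ' Abcdef12', 'Ab1', 'abcdefgh' ) {
    my ( $ok, $reason ) = check_password($pw);
    printf "%-14s => %s\n", "'$pw'", $ok ? 'ok' : $reason;
}
printf "generated      => %s\n", generate_password();
```

Every code path that sets a password calls the same checker, so a request that skips the browser-side validation is rejected with the same reason codes.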